Reply
New Contributor
Posts: 3
Registered: ‎02-14-2018
Accepted Solution

Java Code example to connect to SOLR using Kerberos and SASL

[ Edited ]

Does anyone out there have an example of Java code that can connect to a Cloudra SOLR collection (under zookeeper) that uses Kerberos and the correct SASL parameters?   Googling brings up some suggestions and some not ready for prime time classes.  I'm looking for connection code, not a Morphlines example.

 

Thanks,  Rick

Cloudera Employee
Posts: 33
Registered: ‎06-10-2015

Re: Java Code example to connect to SOLR using Kerberos and SASL

Hi Rick,

 

Did you find this info in Cloudera Search documentation - does this help?

 

https://www.cloudera.com/documentation/enterprise/latest/topics/search_using_kerberos.html

 

Nick

Cloudera Employee
Posts: 33
Registered: ‎06-10-2015

Re: Java Code example to connect to SOLR using Kerberos and SASL

New Contributor
Posts: 3
Registered: ‎02-14-2018

Re: Java Code example to connect to SOLR using Kerberos and SASL

I got this to work as follows (but there's a twist when dealing with Eclipse from Windows):

 

System.setProperty("javax.net.ssl.trustStorePassword","xxxxxx");
System.setProperty("java.security.auth.login.config", "C:\\my_jaas.conf");
String zkHosts = "zookeeper1.com:2181,zookeeper2.ghp.com:2181,zookeeper3.ghp.com:2181/solr";

Krb5HttpClientBuilder krbBuild = new Krb5HttpClientBuilder();
SolrHttpClientBuilder kb = krbBuild.getBuilder();
HttpClientUtil.setHttpClientBuilder(kb);
CloudSolrClient solrServer = new CloudSolrClient.Builder().withZkHost(zkHosts).build();

String collectionName = "test_col";
solrServer.setDefaultCollection(collectionName);
solrServer.connect();

SolrQuery parameters = new SolrQuery();
parameters.set("q", "*:*");
try {
solrServer.commit();
QueryResponse response = solrServer.query(parameters);
for (SolrDocument solrDocument : response.getResults()) {
System.out.println(" " + solrDocument.toString());
}
krbBuild.close();
solrServer.close();
} catch (SolrServerException | IOException e) {
e.printStackTrace();
}

 

If you are working from a Windows Environment and Windows is generating your TGT Kerberos keys and Kerberos is hooked into AD (that is, not using MIT Kerberos), then you need to update the registry as follows (thanks to Cloudera Systems Engineer Tom Roach):

 

On windows, to use your kerberos tickets from AD in your Java program, you need to setup this Windows registry.

 

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Value Name: AllowTgtSessionKey

Value Type: REG_DWORD

Value: 0x01

 

jaas.conf:

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true
principal="myuser@MYDOMAIN.COM";
};

Announcements